8089 matches found

Snyk
added 2025/11/24 2:40 p.m., 2 views

Use of Hard-coded Cryptographic Key

Overview: Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the password encryption process. An attacker can recover original cleartext password values by accessing the internal database content, as the encryption key is hard-coded and publicly known. Note:...

CVSS 7.5, AI score 6.7, EPSS 0.00073
Exploits 0, References 2
Snyk
added 2025/11/24 2:40 p.m., 1 view

Use of Hard-coded Cryptographic Key

Overview: org.apache.syncope.core:syncope-core-persistence-jpa is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology and released under Apache 2.0 license. Affected versions of this package are vulnerable to Use of Hard-coded...

CVSS 7.5, AI score 7, EPSS 0.00073
Exploits 0, References 2
Snyk
added 2025/11/24 2:40 p.m., 1 view

Use of Hard-coded Cryptographic Key

Overview: org.apache.syncope.core:syncope-core-starter is an Apache Syncope Core Spring Boot Starter. Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the password encryption process. An attacker can recover original cleartext password values by accessing t...

CVSS 7.5, AI score 6.7, EPSS 0.00073
Exploits 0, References 2
Snyk
added 2025/11/24 2:40 p.m., 1 view

Use of Hard-coded Cryptographic Key

Overview: org.apache.syncope.core:syncope-core-provisioning-java is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology and released under Apache 2.0 license. Affected versions of this package are vulnerable to Use of Hard-coded...

CVSS 7.5, AI score 6.7, EPSS 0.00073
Exploits 0, References 2
Snyk
added 2025/11/24 2:40 p.m., 2 views

Use of Hard-coded Cryptographic Key

Overview: org.apache.syncope.core.idrepo:syncope-core-idrepo-logic is an Apache Syncope Core IdRepo Logic. Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the password encryption process. An attacker can recover original cleartext password values by...

CVSS 7.5, AI score 6.7, EPSS 0.00073
Exploits 0, References 2
NVD
added 2025/11/24 2:15 p.m., 4 views

CVE-2025-65998

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...

CVSS 7.5, EPSS 0.00073
Exploits 0, References 2
OSV
added 2025/11/24 2:15 p.m., 2 views

CVE-2025-65998

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...

CVSS 7.5, AI score 6.7
Exploits 0, References 2
Vulnrichment
added 2025/11/24 1:47 p.m., 0 views

CVE-2025-65998 Apache Syncope: Default AES key used for internal password encryption

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...

AI score 6.4, EPSS 0.00073
Exploits 0, References 1
Positive Technologies
added 2025/11/24 12:0 a.m., 3 views

PT-2025-47918

Name of the Vulnerable Software and Affected Versions: Apache Syncope versions prior to 3.0.15; Apache Syncope versions prior to 4.0.3. Description: Apache Syncope, when configured to use AES encryption for storing user passwords in its internal database, utilizes a hard-coded default key. This allow...

CVSS 7.5, AI score 6.7, EPSS 0.00073
Exploits 0, References 23
CNNVD
added 2025/11/24 12:0 a.m., 2 views

Apache Syncope Security Vulnerability

Apache Syncope is an open source digital identity management system from the Apache Foundation of the United States, for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope has a trust management issue vulnerability that stems from...

CVSS 7.5, AI score 6.8, EPSS 0.00073
Exploits 0, References 3
Cvelist
added 2025/11/24 12:0 a.m., 4 views

CVE-2025-54341

A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There are Hard-coded configuration values...

EPSS 0.0004
Exploits 0, References 1
CVE
added 2025/11/24 12:0 a.m., 3 views

CVE-2025-54341

Summary: CVE-2025-54341 affects the Desktop Alert PingAlert Application Server. The vulnerability is due to hard-coded configuration values in PingAlert versions 6.1.0.11 through 6.1.1.2. Several sources (NVD, EUVD, Red Hat, CNNVD, CVE listings) corroborate this issue. The provided data does not...

CVSS 5.3, AI score 6.4, EPSS 0.0004
Exploits 0, References 1, Affected Software 1
CNNVD
added 2025/11/24 12:0 a.m., 2 views

Desktop Alert PingAlert Security Vulnerability

Desktop Alert PingAlert is a network status monitoring tool from Desktop Alert USA. A security vulnerability exists in Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2, which stems from the presence of hard-coded configuration values...

CVSS 5.3, AI score 6.7, EPSS 0.0004
Exploits 0, References 2
Vulnrichment
added 2025/11/24 12:0 a.m., 2 views

CVE-2025-54341

A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There are Hard-coded configuration values...

AI score 6.4, EPSS 0.0004
Exploits 0, References 1
CNNVD
added 2025/11/24 12:0 a.m., 1 view

Xtool AnyScan App Security Vulnerability

Xtool AnyScan App is an automotive diagnostic mobile application from China-based Xtool. A security vulnerability exists in Xtool AnyScan App version 4.40.40 and earlier, which stems from the use of a hard-coded key to decrypt update metadata...

CVSS 4.6, AI score 6.7, EPSS 0.00028
Exploits 1, References 3
Positive Technologies
added 2025/11/24 12:0 a.m., 2 views

PT-2025-47971

Name of the Vulnerable Software and Affected Versions: Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2. Description: A security issue exists in the Application Server component of the software due to hard-coded configuration values. Recommendations: Update Desktop Alert PingAlert to a versi...

CVSS 5.3, AI score 6.4, EPSS 0.0004
Exploits 0, References 6
RedhatCVE
added 2025/11/20 9:36 p.m., 2 views

CVE-2025-13316

Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password and gain administrator-level access to...

CVSS 8.2, AI score 7, EPSS 0.70128
Exploits 2, References 1
CNVD
added 2025/11/20 12:0 a.m., 2 views

Fortinet FortiWeb Trust Management Issue Vulnerability

Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...

CVSS 5.5, AI score 7.1, EPSS 0.00017
Exploits 0, References 1
OSV
added 2025/11/19 6:15 p.m., 1 view

CVE-2025-13316

Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password and gain administrator-level access to...

CVSS 8.1, AI score 5.8, EPSS 0.83986
Exploits 3, References 1
NVD
added 2025/11/19 6:15 p.m., 1 view

CVE-2025-13316

Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password and gain administrator-level access to...

CVSS 8.2, EPSS 0.70128
Exploits 2, References 1